» cdc770.exe
Overview
Analysis
File Details
Downloads (6)

cdc770.exe

Georgi Georgiev

The is the installer for the WebPick InstalleRex download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed without consent. The application cdc770.exe by Georgi Georgiev has been detected as adware by 16 anti-malware scanners. The file has been seen being downloaded from www.nansq.info and multiple other hosts.

File name:

cdc770.exe

Publisher:

Georgi Georgiev (signed and verified)

MD5:

ef05af860bf3bac5c2f0f29e350180d1

SHA-1:

f643ccd0f599a4c9d6c607e884588a7d026f7c2a

SHA-256:

302561a93cf9d1a4d953b9e3b2b31655a35ddc3ccc36bc411f27c4c51f913803

Scanner detections:

16 / 68

Status:

Adware

Analysis date:

11/16/2024 11:57:12 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.2083905

750

AVG

Win32/DH

2016.0.3228

Bitdefender

Trojan.GenericKD.2083905

1.0.20.80

Comodo Security

ApplicUnwnt

20727

Emsisoft Anti-Malware

Trojan.GenericKD.2083905

8.15.01.16.03

ESET NOD32

Win32/AdWare.Vonteera (variant)

9.11023

Fortinet FortiGate

Riskware/Vonteera

1/16/2015

F-Secure

Trojan.GenericKD.2083905

11.2015-16-01_6

G Data

Trojan.GenericKD.2083905

15.1.24

IKARUS anti.virus

PUA.Vonteera

t3scan.1.8.6.0

K7 AntiVirus

Adware

13.191.14661

McAfee

Artemis!EF05AF860BF3

5600.6884

MicroWorld eScan

Trojan.GenericKD.2083905

16.0.0.48

Norman

VMProtect.W

11.20150116

Reason Heuristics

PUP.GeorgiGeorgiev

15.2.14.11

Trend Micro House Call

Suspicious_GEN.F47V0115

7.2.16

File size:

1.1 MB (1,107,536 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\6v1sttnl\cdc770.exe

Digital Signature

Signed by:

Georgi Georgiev

Authority:

COMODO CA Limited

Valid from:

6/6/2014 4:00:00 AM

Valid to:

6/6/2016 3:59:59 AM

Subject:

CN=Georgi Georgiev, O=Georgi Georgiev, STREET="4 Petar Stoinov Str., Chelopechene", L=Sofia, S=Sofia, PostalCode=1617, C=BG

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

50E7161B35AEFC4CA801C951BEF0279A

File PE Metadata

Compilation timestamp:

1/15/2015 10:35:41 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

24576:jY7KU0D2KvyNhXCV4E8BXAfrnkcAqU0AMKyEILbBBQOedeoK/Ef:jY7KD2Kv+hyz8grnkQfhK5IxBEdeojf

Entry address:

0xEF5F

Entry point:

E8, 95, 6D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 00, 1A, 00, 00, 3B, 0D, A0, 44, 43, 00, 75, 02, F3, C3, E9, 11, 6E, 00, 00, 8B, FF, 51, C7, 01, FC, 94, 42, 00, E8, 09, 6F, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, BD, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 47, 6F, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 85, F6... 
[+]

Entropy:

6.8585

Code size:

158.5 KB (162,304 bytes)

The file cdc770.exe has been seen being distributed by the following 6 URLs.

http://www.nansq.info/.../3c8f839db8.exe

http://www.colompia.info/.../a2a7065.exe

http://www.nansq.info/.../e5c4cacfdb.exe

http://www.colompia.info/.../0a1e054.exe

http://www.colompia.info/.../abb144c2.exe

http://www.nansq.info/.../4aa15f.exe

Remove cdc770.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.